[MERGE] use a serial number and one random value for fileids
John A Meinel
john at arbash-meinel.com
Fri May 19 13:06:48 BST 2006
Robert Collins wrote:
> This patch uses a serial number and a single random value for 'bzr add'
> rather than brand new randomness each time.
>
> Its clearly still unique within a single process.
>
> Globally it still needs a collision on the timestamp and 64 bits of
> entropy to have a collision.
>
> The only hole I can see is someone doing fork() after calling add, and
> then calling add in the child. We probably should add an atfork hook to
> reset the seed in this case.
>
> Rob
>
If you are worried about collisions after fork(), couldn't you just
include the PID in the entropy?
I don't know if you really prefer it, but something like:
sha1sum = sha1.new()
sha1sum.update(str(os.getpid()))
sha1sum.update(_cached_randomness)
sha1sum.update(str(_counter))
suffix = sha1sum.hexdigest()[:32]
You could save a lot more entropy that way. And if you were really
worried about length and collisions, include the timestamp in the hash,
and just put the whole hash as the entropy.
sha1 isn't really expensive, though if you are comparing the time of
rand_bytes it might be.
John
=:->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060519/190e9108/attachment.pgp
More information about the bazaar
mailing list